A suspect based in Hong Kong is believed to be the main culprit behind a wave of malicious ads that have invaded Microsoft apps and services over the past few months.
The suspect is believed to be a Hong Kong man who operates at least two front companies named Fiber-Ads and Clockfollow, according to an investigation shared with ZDNet this week by Confiant, a cyber-security firm specialized in tracking malvertising campaigns.
Confiant says the suspect uses the two companies to place ads with legitimate ad networks. Malicious code hidden in the ads hijacks users viewing the ads, and redirect them to other sites.
The suspect then uses an account on MyMediaAds, a platform for online advertisers, to sell the hijacked traffic to other threat actors, redirecting users from legitimate apps and websites to sites pushing fake antivirus apps, Flash updates, tech support sites, and other scams.
Based on its internal data, Confiant said this Hong Kong-based threat actor has been responsible for over 100 million bad ad impressions this year alone.
Read Complete Article: